
BGP Routing Policies

www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD. All rights reserved


Foreword

BGP brings together many policy tools: it can use path attributes such as
AS_PATH and COMMUNITY, and it can filter routes received from or sent to
peers. This section introduces many of the policy mechanisms within BGP
that support manipulation of all traffic.



Objectives

Upon completion of this section, you will be able to:

- Understand the BGP route selection process
- Understand BGP filters



Contents

Review of the BGP Route Selection Process


BGP path selection



Review of the BGP Route Selection Process

- If the route's next hop is unreachable, ignore it.
- Select the route with the highest Preferred-Value.
- Select the route with the highest local preference.
- Choose aggregate routes over non-aggregate routes.
- Local manual aggregation takes precedence over local automatic aggregation.
- In local route import, the network command takes precedence over the import-route command.
- Select the route with the shortest AS_PATH.
- BGP compares the origin attribute of the route and selects the route with the
  lowest origin attribute code: IGP is lower than EGP, which is lower than
  Incomplete.
- Select the route with the lowest MED value.



Review of the BGP Route Selection Process (cont.)

- Prefer the route with the shortest path to the BGP NEXT_HOP.
  This is the route with the lowest IGP metric to the next-hop router.
- When all the above are identical, the routes are equivalent and can be
  used for load balancing.
  - Note: AS_PATH must be the same.
  - The last 3 route selection rules can be ignored when load balancing is
    implemented.
- Select the route with the shortest cluster-list.
- Prefer the route with the smaller Originator ID. Select the route with the
  smaller router ID if the Originator ID is unavailable.
- Prefer the route with the smaller peer IP address.





BGP Route Selection Parameters

- The important parameters that affect BGP route selection:
  - Preferred Value
  - Local-Preference
  - AS-Path
  - Origin
  - MED
  - EBGP/IBGP
  - IGP Cost
  - Cluster-list
  - Communities



BGP Local-Preference

- The default local-preference command configures the BGP default local
  preference. Higher values are preferred.

  [Router-bgp] default local-preference preference

- By default, the local preference value is 100.
- Configuring different local preference values affects BGP route
  selection. When multiple routes to a particular network exist on a BGP
  router, the route with the higher local preference is selected.
- Local preference is used only within an AS, between IBGP peers; it is not
  advertised to other ASs.



Configure the Default Value of the Local-Preference

[RTB]bgp 200
[RTB-bgp]default local-preference 2000

[RTC]bgp 200
[RTC-bgp]default local-preference 1000

[Figure: RTA in AS 100 (192.168.1.1/32); RTB, RTC and RTD in AS 200. Link addresses: 10.1.1.1 - 10.1.1.2 and 10.4.4.1 - 10.4.4.2.]



Configuring Local-Preference via Policy

[Figure: RTA in AS 100 (192.168.1.0/24, 192.168.2.0/24); RTB, RTC and RTD in AS 200. Link addresses: 10.1.1.1 - 10.1.1.2 and 10.4.4.1 - 10.4.4.2.]

- RTD can reach AS100 via 2 different routes.
- The next hop is RTB for the traffic to reach 192.168.1.0/24.
- The next hop is RTC for the traffic to reach 192.168.2.0/24.



Policy Configuration on RTB

#
acl number 2000
 rule 5 permit source 192.168.1.0 0.0.0.255
#
bgp 200
 peer 10.1.1.1 as-number 100
 peer 3.3.3.3 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  peer 10.1.1.1 enable
  peer 10.1.1.1 route-policy test1 import
#
route-policy test1 permit node 10
 if-match acl 2000
 apply local-preference 2000
route-policy test1 permit node 20
 apply local-preference 1000
#



Policy Configuration on RTC
#
acl number 2000
 rule 5 permit source 192.168.2.0 0.0.0.255
#
bgp 200
 peer 10.4.4.1 as-number 100
 peer 2.2.2.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  peer 10.4.4.1 enable
  peer 10.4.4.1 route-policy test1 import
#
route-policy test1 permit node 10
 if-match acl 2000
 apply local-preference 2000
route-policy test1 permit node 20
 apply local-preference 1000
#



BGP MED

- The default med command configures the default MED value.

  [Router-bgp] default med med

- By default, the MED value is 0.
- Configuring different MED values affects BGP route selection.
- The lowest MED value is preferred. The MED value is treated as a metric
  or cost, and the route with the lowest cost is preferred.
- A MED attribute sent to an EBGP peer is seen only within that peer's AS.
  It is not passed beyond the receiving AS.



Configuring MED via Policy
[Figure: AS 100 and AS 200 with routers RTA, RTB, RTC, RTD, RTE and RTF; link 10.1.1.1 - 10.1.1.2; prefixes 192.168.1.0/24 and 192.168.3.0/24.]

MED values shown next to RTA:

Prefix/Mask       MED
192.168.1.0/24    1000
192.168.3.0/24    2000

MED values shown next to RTC:

Prefix/Mask       MED
192.168.1.0/24    2000
192.168.3.0/24    1000

- The MED value is configured in AS100 via policy to influence BGP route
  selection in AS200. Setting the MED value controls incoming traffic when
  multiple paths exist.



Policy Configuration on RTA
#
bgp 100
 peer 10.1.1.2 as-number 200
 peer 3.3.3.3 as-number 100
 peer 5.5.5.5 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 10.1.1.2 enable
  peer 10.1.1.2 route-policy test1 export
  peer 3.3.3.3 enable
  peer 5.5.5.5 enable
#
route-policy test1 permit node 10
 if-match ip-prefix 1
 apply cost 2000
route-policy test1 permit node 20
 apply cost 1000
#
ip ip-prefix 1 index 10 permit 192.168.3.0 24 greater-equal 24 less-equal 24
#



Policy Configuration on RTC
#
bgp 100
 peer 10.4.4.1 as-number 200
 peer 1.1.1.1 as-number 100
 peer 5.5.5.5 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 10.4.4.1 enable
  peer 10.4.4.1 route-policy test1 export
  peer 1.1.1.1 enable
  peer 5.5.5.5 enable
#
route-policy test1 permit node 10
 if-match ip-prefix 1
 apply cost 2000
route-policy test1 permit node 20
 apply cost 1000
#
ip ip-prefix 1 index 10 permit 192.168.1.0 24 greater-equal 24 less-equal 24
#



AS-PATH Filter

- Multiple filtering policies (permit or deny) can be defined under the
  same as-path-filter number. The operation “OR” is applied during the
  matching process: at least one occurrence is required to make the test
  true, and no occurrence means that the test failed.
- The AS_PATH filter uses regular expressions to filter on the AS_PATH
  attribute information.



Regular Expressions

- Regular expressions are a type of BGP filtering method.
- A regular expression is a formula used to match a string according to
  certain rules. The decision (permit or deny) is made on the AS_PATH
  attribute of the BGP route, based on the matched string. In effect, the
  regular expression can be regarded as an ACL for the AS_PATH.
- Multiple permit or deny filters can be defined using regular
  expressions. The operation “OR” is applied for the matching process.



Regular Expressions

Character  Explanation
^          Matches the beginning of a string. For example, “^200” matches only if the first value of the AS_PATH is 200.
$          Matches the end of a string. For example, “200$” matches only if the last value of the AS_PATH is 200.
.          Matches any single character, including white space.
+          Matches one or more sequences of the pattern.
_          Matches any delimiter, for example a comma, bracket or white space.
*          Matches zero or more sequences of the pattern.
()         Groups smaller regular expressions into larger regular expressions; often used together with “|”.
|          An operator that means “or”.
[]         Specifies a range of single characters; often used together with “-”.
-          Separates the end points of a range.



String Matching (1)

- ^ (caret) matches the beginning of a line.
  - ^ regular expression
- $ (dollar) matches the end of a line.
  - $ regular expression

ip as-path-filter 1 permit ^12.*74$

Matches an AS_PATH that starts with the sequence 12 and ends with the sequence 74.

Example: AS_PATH (123 621 743 34512 2374)



String Matching (2)

- | (bar) is used to specify an OR operation.
  - Regular expression 1 | Regular expression 2

ip as-path-filter 1 permit 23|43

Match AS23 or AS43

Example: AS_PATH (123 621 743 34512 2374)



String Matching (3)

- [ ] (brackets) specify a range of single characters; “[]” is often used
  together with “-”.
- - (hyphen)
  - [regular expression 1-regular expression 2]

ip as-path-filter 1 permit [1-3][47]

Match AS number 14, 17, 24, 27, 34 or 37

Example: AS_PATH (123 621 743 34512 2374)



String Matching (4)

- _ (underscore) matches any delimiter, for example a comma, bracket or
  white space.

ip as-path-filter 1 permit _34512 170$

AS34512 and AS170 are directly connected

Example: AS_PATH (123 621 743 34512 170)



String Matching (5)

- . (dot) matches any single character, including space.

ip as-path-filter 1 permit [1-3].[47]

AS_PATH (123 621 743 34512 2374)



String Matching (6)

- * (asterisk) matches zero or more sequences of the pattern.
- + (plus) matches one or more sequences of the pattern.

ip as-path-filter 1 permit _621 .* 170$

Accept routes that originate from AS170 and traverse AS621

AS_PATH (123 621 743 34512 170)



Commonly Used Regular Expressions

Regular Expression   Meaning
==================   =======
^$                   Match the routes originated in the local AS
.*                   Match all routes
_10_                 Match the routes traversing AS10
^10$                 Match the routes with only AS10 in AS_PATH
^10_                 Match the routes received from AS10 directly
^[0-9]+$             Match the routes with only one AS in AS_PATH



AS-Path Filter
[Figure: AS 100, AS 200, AS 300 and AS 400 with routers RTA, RTB, RTC and RTD; prefixes 192.168.1.0/24 and 192.168.2.0/24. Link addresses: 10.1.1.1 - 10.1.1.2, 10.2.2.1 - 10.2.2.2, 10.3.3.1 - 10.3.3.2 and 10.4.4.1 - 10.4.4.2.]

- RTC wants to receive only routing information from AS300.



Configuration on RTC

#
bgp 400
 peer 10.4.4.2 as-number 100
 peer 10.3.3.1 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  peer 10.4.4.2 enable
  peer 10.4.4.2 as-path-filter 1 import
  peer 10.3.3.1 enable
  peer 10.3.3.1 as-path-filter 1 import
#
ip as-path-filter 1 permit ^300_
#
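
The filter on RTC evaluated in Python, as an added example that is not part of the original slides. It rewrites "_" into a delimiter class, applies rules in configured order, and assumes that an AS_PATH matching no rule is denied; the class, the function names and the sample AS_PATH strings are constructed for illustration.

```python
import re

# "_" matches any delimiter, or the start/end of the AS_PATH string.
DELIM = r"(?:^|$|[ ,{}()])"

def compile_as_regex(pattern):
    """Translate the slide syntax to Python's re: only "_" needs rewriting."""
    return re.compile(pattern.replace("_", DELIM))

def matches(pattern, as_path):
    return compile_as_regex(pattern).search(as_path) is not None

class AsPathFilter:
    def __init__(self):
        self.rules = []  # (action, compiled regex), kept in configured order

    def add(self, action, pattern):
        if action not in ("permit", "deny"):
            raise ValueError(action)
        self.rules.append((action, compile_as_regex(pattern)))
        return self

    def permits(self, as_path):
        """as_path is the space-separated AS_PATH; the leftmost AS is the neighbour."""
        for action, rx in self.rules:
            if rx.search(as_path):
                return action == "permit"
        return False  # assumption: no rule matched, so the route is denied

# RTC's filter from the configuration above.
rtc_filter = AsPathFilter().add("permit", "^300_")

# Constructed AS_PATH samples as RTC (AS 400) could see them on its two peerings.
SAMPLES = {
    "300": True,           # originated in AS300
    "300 200 100": True,   # routes relayed by AS300
    "100": False,          # learned directly from AS100: dropped on import
    "3001 100": False,     # "_" stops 300 from matching a longer AS number
    "100 200 300": False,  # AS300 is the origin here, not the neighbour
}

def rtc_results():
    return {path: rtc_filter.permits(path) for path in SAMPLES}

if __name__ == "__main__":
    for path, allowed in rtc_results().items():
        print(f"{path!r:16} -> {'permit' if allowed else 'deny'}")
```

Because the same filter is applied on the peering with 10.4.4.2 (AS 100), every route learned over that session is rejected: its AS_PATH always begins with 100.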



BGP Community
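[Figure: AS 100 (RTA, RTD; prefix 10.0.0.0/24), AS 200 (RTB) and AS 300 (RTC). Links are labelled 1000M, 1000M and 10M. Link addresses: 10.1.1.1 - 10.1.1.2, 10.2.2.1 - 10.2.2.2, 10.3.3.1 - 10.3.3.2 and 10.4.4.1 - 10.4.4.2. Two arrows are labelled "Expected direction of the traffic flow" and "Default direction of the traffic flow".]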



Configuration on RTA

bgp 100
 peer 10.4.4.1 as-number 100
 peer 10.1.1.2 as-number 200
 #
 ipv4-family unicast
  undo synchronization
  peer 10.4.4.1 enable
  peer 10.1.1.2 enable
  peer 10.1.1.2 route-policy set_community export
  peer 10.1.1.2 advertise-community
#
route-policy set_community permit node 10
 apply community 100:1



Configuration on RTD

bgp 100
 peer 10.4.4.2 as-number 100
 peer 10.3.3.1 as-number 300
 #
 ipv4-family unicast
  undo synchronization
  peer 10.4.4.2 enable
  peer 10.3.3.1 enable
  peer 10.3.3.1 route-policy set_community export
  peer 10.3.3.1 advertise-community
#
route-policy set_community permit node 10
 apply community 100:2



Configuration on RTC
bgp 300
 peer 10.2.2.1 as-number 200
 peer 10.3.3.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  peer 10.2.2.1 enable
  peer 10.2.2.1 route-policy set_local_pref import
  peer 10.2.2.1 advertise-community
  peer 10.3.3.2 enable
  peer 10.3.3.2 route-policy set_local_pref import
  peer 10.3.3.2 advertise-community
#
route-policy set_local_pref permit node 10
 if-match community-filter 1
 apply local-preference 200
route-policy set_local_pref permit node 20
 if-match community-filter 2
 apply local-preference 50
#
ip community-filter 1 permit 100:1
ip community-filter 2 permit 100:2



Display the Community Attribute

[RTC]display bgp routing-table community

 Total Number of Routes: 2

 BGP Local router ID is 10.2.2.2
 Status codes: * - valid, > - best, d - damped,
               h - history, i - internal, s - suppressed, S - Stale
 Origin : i - IGP, e - EGP, ? - incomplete

     Network         NextHop      MED   LocPrf   PrefVal   Community

 *   10.0.0.0/24     10.3.3.2     0     50       0         <100:2>
 *>                  10.2.2.1           200      0         <100:1>



Display the Community Attribute (Cont.)
[RTC]display bgp routing-table 10.0.0.0

 BGP local router ID : 10.2.2.2
 Local AS number : 300
 Paths: 2 available, 1 best

 BGP routing table entry information of 10.0.0.0/24:
 From: 10.2.2.1 (10.1.1.2)
 Original nexthop: 10.2.2.1
 Community:<100:1>
 AS-path 200 100, origin igp, localpref 200, pref-val 0, valid, external, best, pre 255
 Advertised to such 1 peers:
    10.3.3.2

 BGP routing table entry information of 10.0.0.0/24:
 From: 10.3.3.2 (10.3.3.2)
 Original nexthop: 10.3.3.2
 Community:<100:2>
 AS-path 100, origin igp, MED 0, localpref 50, pref-val 0, valid, external, pre 255
 Not advertised to any peer yet
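
Why the path with the longer AS_PATH is marked best, as an added example that is not part of the original slides: a simplified comparator that follows the selection order reviewed earlier, run on the two paths from this output. It omits the local aggregation and import steps because both paths are learned from peers, and it compares MED unconditionally; the type and function names are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower code is preferred

class Path(NamedTuple):
    peer: str                  # peer IP address the route was learned from
    router_id: str
    as_path: tuple
    local_pref: int = 100      # default local preference per the slides
    pref_val: int = 0
    origin: str = "igp"
    med: int = 0               # default MED per the slides
    igp_cost: int = 0
    cluster_len: int = 0
    next_hop_reachable: bool = True

def _ip(addr):
    return int(ipaddress.ip_address(addr))

def rank(p):
    """Sort key: the smaller tuple is the better path."""
    return (
        -p.pref_val,            # highest Preferred-Value
        -p.local_pref,          # highest local preference
        len(p.as_path),         # shortest AS_PATH
        ORIGIN_RANK[p.origin],  # IGP < EGP < Incomplete
        p.med,                  # lowest MED (compared unconditionally: simplification)
        p.igp_cost,             # lowest IGP metric to the NEXT_HOP
        p.cluster_len,          # shortest cluster-list
        _ip(p.router_id),       # smaller router ID
        _ip(p.peer),            # smaller peer IP address
    )

def best_path(paths):
    usable = [p for p in paths if p.next_hop_reachable]  # unreachable next hop: ignored
    return min(usable, key=rank) if usable else None

# The two paths RTC holds for 10.0.0.0/24, values taken from the display output.
via_200 = Path("10.2.2.1", "10.1.1.2", (200, 100), local_pref=200)
via_100 = Path("10.3.3.2", "10.3.3.2", (100,), local_pref=50)

def without_policy(p):
    """The same path as it would rank without the set_local_pref import policy."""
    return p._replace(local_pref=100)

if __name__ == "__main__":
    print("with policy   :", best_path([via_200, via_100]).peer)
    print("without policy:",
          best_path([without_policy(via_200), without_policy(via_100)]).peer)
```

With equal local preference the one-hop AS_PATH learned from 10.3.3.2 wins; the community-driven local preference is what moves the best path to 10.2.2.1.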



Summary

- Describe the route policy tools used in BGP.
- List out the parameters that affect the BGP route selection.
- Describe the difference between “+” and “*” used in regular expressions.
  Describe also the difference between “.” and “_”.
